First you should check both sender and subject line for suspicious elements. In particular, pay attention to the domain name that follows the @ sign in the address. Unusual combinations of names and words should be considered red flags. One example could be an e-mail address that uses department descriptions like "marketing" or "management" in the e-mail address.

Using caution about anti-virus programs

E-mails that appear to be sent by anti-virus service providers are often smuggling dangerous cargo: worms sometimes disguise themselves as updates to an anti-virus program. Senders of this kind of e-mail use fake e-mails from popular software companies like support@symantec.com. Never open an attachment from this kind of message. Anti-virus software development companies provide updates only via their websites as a rule. The same applies to updates to operating systems.

More tips that may protect you against fake e-mails:

• Use caution when it comes to your e-mail address: Do not blithely enter your e-mail address in web forms without considering the consequences. Share your e-mail address only with people you know personally. Treat addresses you receive from friends and acquaintances with the same level of discretion.
• Avoid use of the auto-responder: This function is commonly used to send out-of-office notices. However, spam senders, too, receive the notice, learning that your e-mail address is active.
• Store e-mail addresses as image files on your webpage: Spammers scrape HTML pages on the Internet when looking for e-mail addresses. If your e-mail address there is stored as an image file, searches like this will come up empty.
• Create a secondary e-mail address: Many webpages require an e-mail address as part of the registration process. To avoid sharing your primary address everywhere, be ready with a secondary address.
• Take advantage of any spam protection from your e-mail provider: Free e-mail providers are a favourite target of advertisers. Spam protection from your provider can help.
• Complain! If you are receiving annoying, unwanted adverts by phone, fax, SMS or e-mail, you can report it to the German Federal Network Agency (Bundesnetzagentur). In addition, you can contact the Internet-Beschwerdestelle.
• Always keep your software up to date! Vulnerabilities in your browser and applications are a favourite point of attack of cyber criminals. Most development houses provide notifications about new security updates. Find more important updates in our "Sicher Informiert" newsletter that is published regularly by the BSI's BÜRGER (citizen) CERT.
• If possible, disable the "execute active content" function in your browser. If you don't want to give it up entirely, do at least configure your browser so that you are asked every single time whether you want to execute active content.
• Disable the auto-preview function in your e-mail application. This prevents any malware that may be embedded in HTML format in an e-mail from being executed automatically.
• Encrypt your e-mails using a digital signature! While free programs have long been available, only very few people use this effective method: a digital signature can protection your e-mail communications from manipulation and espionage.